Microsoft Relents, Offers Free Critical Logging to All 365 Customers

Note: An earlier version of the story used "key" in the headline as a synonym for "critical." The result read as a possible reference to "keylogging," which was not the intent. The word was changed for clarity.

Microsoft dropped the fees associated with expanded logging access for all levels of 365 license holders, after complaints that the cloud service provider was effectively levying a logging tax on customers.

In parallel, a recent update from the Cybersecurity and Infrastructure Security Agency (CISA) on an espionage campaign being waged against Microsoft 365 by Chinese APT group Storm-0558 further highlighted the need for organizations to have access to detailed logging to gather evidence of compromise.

Microsoft acknowledged the need to make it more economical to access logging data. "These steps are the result of close coordination with commercial and government customers, and with CISA about the types of security log data Microsoft provides to cloud customers for insight and analysis as the threat landscape continues to evolve," the company said in a statement to Dark Reading.

Going forward, Microsoft Purview Audit Standard customers will get deeper visibility into security data, including detailed logs of email access and more than 30 other types of log data previously only available to Purview premium subscribers. "Purview Audit logs enable an enterprise to visualize cloud log data, helping customers to effectively respond to security events and investigate what data was accessed in a breach," Microsoft added.

Additionally, Microsoft will extend the retention time for logs from 90 days to 180 days.

CISA's executive assistant director for cybersecurity, Eric Goldstein, applauded Microsoft's move.

"We believe that every organization deserves to have products that are secure by design and come with necessary security data 'out of the box,'" Goldstein said, in a statement of support. "Microsoft's announcement today is an important step forward in advancing the security of our communities, companies, and country, recognizing our shared work yet to come."